Welcome!

SOA & WOA Authors: Peter Silva, Maureen O'Gara, Tony Bishop, Mark O'Neill, Yeshim Deniz

Related Topics: SOA & WOA

SOA & WOA: Article

Foundations for Building Enterprise Social Networks

Connecting people and information together
By James Owen, Vince Casarez
Article Rating:
February 21, 2008 04:00 AM EST
Reads:
 7,790

As mentioned earlier, information linking is an important aspect of any informal social networks. If all this information was in a single place, applying security policies would be straightforward. Since this is not practical, technologies that enable linking information are required to store parts of this information outside of the normal security policies, even if it is as simple as a linked URL. If someone were to link a public page to a document on M&A, any knowledge of the existence of that page must not be discoverable by users without access permissions. Here are a couple of practices to consider.

1.  The link resolution can rely on query time filtering. When the links from the page are requested, all the links are queried to discover if the requesting user has access. Those that aren't accessible are discarded from the results. This approach has a high level of security and for items that have small miss rates can be a very acceptable approach. However, this implies that there are two queries that get executed for each user access: one for the content, and a second for the access permissions. There are query optimizations to be done but it will impact performance in some way.
2.  Another approach is to keep the original security policies with the link repository. This produces more efficient queries, with the downside that the security policies must be kept in sync with the original repository. Normally, this would result in a small window of security mismatch.

It is important to understand how much of a burden you place on the end user to understand the underlying security models. Take for example a user creating a page and adding a document to it. If the security for the page and document are coming from the same infrastructure, then the model exposed to the user is consistent and simple. If they are separate, the application must either keep the two in sync, or the user must understand the page security and the document repository security in order to share information with others.
There are some best practices that can be implemented when considering how to secure information in a composite application:

  • Using formal social networks to define information access rights, thereby ensuring that the information itself is secured. To gain access to the information, users must be part of a specific group and be authenticated as such.
  • For an even greater level of control, information rights management products may be utilized. These products encrypt the actual information such that only those with access rights can access it. This has the added measure of security so that if the information leaves the repository, the initially defined access rights (emailing a document, for example) are still enforced.

    Discovery or Search
    All information must be integrated with common discovery or search infrastructures. The primary integration mechanisms involve one or both of the following:

    1. Integrating information artifacts within a single search index
    2. Federating real-time searches to the underlying information stores and returning an organized result
    Primary discovery mechanisms include search, tag clouds, pivoting/lateral searches and links navigation. Many of these discovery mechanisms are blending together. The typical usage pattern for weeding through the plethora of information in a Web 2.0 world generally involves combining search and navigation together. A user could start searching for a document he/she remembers as relevant from several months ago. After viewing the initial results, they may want to filter the results based on the author they recall wrote the document, they may want to simply start pivoting on tag words related to the search terms used, or they may want to follow links for a document that seems related.

    Since many of the discovery connections and end points may be a person, the means to interact with the person in-context such as instant messaging/chat, phone and e-mail should be considered key components of the Enterprise Social Network.

    Conclusion
    In order for social networking technologies to be successful within the enterprise, adoption is a key requirement. Ensuring that personal productivity tools are built into social networking features can be a way to significantly increase adoption. Information workers' primary focus is accomplishing their tasks in an efficient way with disparate information. The better social networking technologies are at facilitating an individual's own information organization, the more likely they are to be utilized in the enterprise. For example, if a user is able to effectively manage their shortcuts to information with tag words, they receive a primary benefit of this technology and will use it. The fact that other co-workers may now discover information deemed important by a subject matter expert is a benefit to the company.

    At the heart of a successful social network lies the ability to easily connect information and people together based on a whole set of industry standards. Bringing Web 2.0 features to the enterprise that leverage existing enterprise information and application infrastructure allows companies to tap into all users' expertise and experience, which makes everyone more productive.

    • Published February 21, 2008 – Reads 7,790
    Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
    Syndicated stories and blog feeds, all rights reserved by the author.

    More Stories By James Owen

    James Owen is a senior group product manager with Oracle WebCenter, responsible for page composition, social networking and content management technologies. He has been a featured speaker at industry conferences such as JavaOne, holds several patents in the content management space and was an active participant in the JSR-170 expert group.

    More Stories By Vince Casarez

    Over the past 12 years, Vince has held many key positions at Oracle. Currently, he is Vice President of Product Management for WebCenter, Portal, and Reports. He also has responsibility for managing the WebCenter development team handling the Web 2.0 services. Prior to this, he focused on hosted portal development and operations which included Oracle Portal Online for external customers, Portal Center for building a portal community, and My Oracle for the employee intranet. Previously, he was Vice President of Tools Marketing handling all tools products including development tools and business intelligence tools. Prior to running Tools Marketing, he was Director of Product Management for Oracle's JDeveloper. Before joining Oracle, Vince spent 7 years at Borland International where he was group product manager of Paradox for Windows and dBASE for Windows.

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.